SQL Injection Vulnerabilities in Parallels Plesk Panel from Parallels
CVE-2011-4734

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4734?

The Parallels Plesk Panel version 10.2.0 build 20110407.20 is susceptible to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited by remote attackers who craft malicious input, allowing them to execute arbitrary SQL commands through specific PHP scripts, including the file-manager. This security flaw poses significant risks by enabling unauthorized access and manipulation of database information, which can lead to further attacks on affected systems.

References

http://xss.cx/examples/plesk-reports/xss-reflected-cross-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72325

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011